What do Windows Calculator and the QBot Trojan have to do with you? • ENTER.CO

It is very rare for this to happen, but now cybercriminals are using the Windows Calculator program as the gateway to infect your computer. Pay attention to this information.

Security researcher ProxyLife found that QBot, a Windows malware strain and former banking Trojan, is now more reliable at infecting computers. Specifically, the malware uses the Windows Calculator to infect the system. It does this through DLL sideloading: it spoofs dynamic link libraries (DLLs) and tricks the system into loading them. QBot uses the Windows 7 Calculator program to execute these DLL sideloading attacks. The attack has been taking place since July 11, and it has also become an effective method for spreading spam.

How does this virus get to my computer?

QBot can reach your computer through an email that carries the malware as an HTML attachment. The attachment includes a ZIP file with an ISO file inside, which contains a .LNK shortcut, a copy of 'calc.exe' (Windows Calculator), and two DLL files: WindowsCodecs.dll and a malicious payload (7533.dll). When you open the ISO file, you see a shortcut that links to the Windows Calculator app.

Once the shortcut is opened, the QBot malware infects the system via the Command Prompt. Windows Calculator is a trusted program, which is why using this application to distribute malware can lead to the system not detecting the threat. This makes it a very effective and creative way to avoid detection. It is important to know that this only applies to Windows 7, because in Windows 10 and 11 the DLL sideloading technique can no longer be used. So if you still have Windows 7, be very careful with suspicious emails that carry ISO files.
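For defenders, the file layout described above can be checked for directly. The following is an added example, not code from the article or from the researcher: it walks a folder (for instance the contents of a mounted ISO) and flags any directory where a copy of calc.exe sits next to WindowsCodecs.dll outside the Windows system folders. The function names, the sample shortcut name "Report.lnk" and the system folder list are assumptions.

```python
import os
import tempfile

# File names taken from the article; compared in lower case, as Windows ignores case.
HOST_EXE = "calc.exe"
SIDELOADED_DLL = "windowscodecs.dll"
# Assumption: the genuine calc.exe lives only under these directories.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def is_system_dir(path):
    norm = path.replace("/", "\\").lower().rstrip("\\")
    return any(norm == d or norm.startswith(d + "\\") for d in SYSTEM_DIRS)


def find_sideload_bundles(root):
    """Return one finding per directory holding calc.exe next to WindowsCodecs.dll."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        if HOST_EXE not in names or SIDELOADED_DLL not in names:
            continue
        if is_system_dir(os.path.abspath(dirpath)):
            continue  # the real calculator in its normal location
        findings.append({
            "directory": dirpath,
            "shortcuts": sorted(n for n in names if n.endswith(".lnk")),
            "other_dlls": sorted(n for n in names
                                 if n.endswith(".dll") and n != SIDELOADED_DLL),
        })
    return findings


def build_sample_tree(base):
    """Constructed sample: empty files laid out like the ISO contents in the article."""
    bundle = os.path.join(base, "mounted_iso")
    clean = os.path.join(base, "documents")
    os.makedirs(bundle)
    os.makedirs(clean)
    for name in ("Report.lnk", "calc.exe", "WindowsCodecs.dll", "7533.dll"):
        open(os.path.join(bundle, name), "wb").close()
    for name in ("notes.txt", "calc.exe"):  # calc.exe on its own is not flagged
        open(os.path.join(clean, name), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_sideload_bundles(build_sample_tree(tmp)))
```

A hit is a reason to look closer at the folder, not proof of infection; the shortcuts and extra DLLs listed in each finding are the files to examine first.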


